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CLAIM AMENDMENTS 



1 1 . (Currently Amended) A method of securely establishing a call between a first node of a 

2 voice over Internet Protocol call connection and a second node thereof, the method 

3 comprising the computer-implemented steps of: 

4 receiving non-encrypted authentication request information that includes challenge 

5 information from the first node; 

6 receiving, from an authentication server that is separate from but communicatively 

7 coupled to the second node, an authentication message indicating whether the first 

8 node is authenticated based on the non-encrypted authentication request 

9 information and including challenge response information generated by the 

10 authentication server ; and 

1 1 establishing a call between the second node and the first node only when the 

12 authentication message indicates that the first node is authenticated at the 

1 3 authentication server. 

1 2. (Original) A method as recited in Claim 1, wherein the step of receiving non-encrypted 

2 authentication request information comprises the steps of receiving an access token 

3 comprising a general identifier value, a time stamp value, a challenge value, and a 

4 random value. 

1 3. (Currently Amended) A method as recited in Claim 1, wherein the step of receiving non- 

2 encrypted authentication request information comprises the steps of receiving an H.235 

3 Cl e arToken data comprising a general identifier value, a time stamp value, a challenge 

4 value, and a random value. 

1 4. (Currently Amended) A method as recited in Claim 1, wherein the step of receiving 

2 non-encrypted authentication request information further comprises the steps of: 

3 determining whether the authentication request information was created within an 

4 acc e ptabl e a specified interval of time with respect to a current time; and 



2 

Docket No. 50325-0102 (1850) 



Application of Tyrone Floryanzia, Ser. No. 09/676,265, Filed September 28, 2000 
Submission to Accompany RCE 



5 issuing a request for authentication to the authentication server only when the 

6 authentication request information was created within the acceptable specified 

7 interval of time with respect to the current time. 

1 5. (Previously Presented) A method as recited in Claim 1, further comprising the steps of: 

2 receiving a password that is associated with the first node; 

3 generating an authentication response based on the password and challenge information 

4 contained in the authentication request information; 

5 determining whether the authentication response matches the authentication request 

6 information; and 

7 issuing authentication approval information in the authentication message only when the 

8 authentication response matches the authentication request information. 

1 6. (Previously Presented) A method as recited in Claim 1, further comprising the steps of: 

2 receiving a password that is associated with the first node; 

3 generating a Challenge Handshake Authentication Protocol (CHAP) response based on 

4 the password and implied CHAP challenge information contained in the 

5 authentication request information; 

6 determining whether the authentication response matches the authentication request 

7 information based on CHAP; and 

8 issuing authentication approval information in the authentication message only when the 

9 authentication response matches the authentication request information based on 
10 CHAP. 

1 7. (Currently Amended) A method of securely establishing a call in a voice over Internet 

2 Protocol call connection system that includes a first gateway at a call origination point, a 

3 first gatekeeper, a second gatekeeper, a second gateway at a call termination point, and an 

4 authentication server that is separate from but communicatively coupled to the first 

5 gatekeeper and the second gatekeeper, the method comprising the computer-implemented 

6 steps of: 

7 receiving non-encrypted authentication request information from the first gateway; 
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8 receiving from the authentication server an authentication message that includes 

9 challenge response information generated by the authentication server and 

10 indicating whether the first gateway is authenticated based on the non-encrypted 

1 1 authentication request information that includes challenge information ; and 

12 establishing a call between the second gateway and the first gateway only when the 

13 authentication message indicates that the first gateway is authenticated at the 

14 authentication server. 

1 8. (Previously Presented) A method as recited in Claim 7, further comprising the steps of: 

2 receiving a call setup request message at the first gateway; 

3 creating and storing the non-encrypted authentication request information based on the 

4 current time and information that uniquely identifies the first gateway; and 

5 requesting the second gateway to set up a call based on the authentication request 

6 information. 

1 9. (Currently Amended) A method as recited in Claim 8, further comprising the steps of: 

2 determining whether the authentication request information was created within an 

3 acc e ptabl e a specified interval of time with respect to a current time; at the second 

4 gatekeeper; and 

5 requesting the authentication server to carry out authentication of the first gateway only 

6 when the authentication request information was created within the acc e ptabl e 

7 specified interval of time with respect to the current time at the second gatekeeper. 

1 10. (Original) A method as recited in Claim 7, wherein the step of receiving non-encrypted 

2 authentication request information comprises the steps of receiving an access token 

3 comprising a general identifier value, a time stamp value, a challenge value, and a 

4 random value. 
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1 11. (Currently Amended) A method as recited in Claim 7, wherein the step of receiving non- 

2 encrypted authentication request information comprises the steps of receiving an H.235 

3 Cl e arTok e n data comprising a general identifier value, a time stamp value, a challenge 

4 value, and a random value. 

1 12. (Previously Presented) A method as recited in Claim 7, further comprising the steps of: 

2 receiving a password that is associated with the first gateway; 

3 generating an authentication response based on the password and challenge information 

4 contained in the authentication request information; 

5 determining whether the authentication response matches the authentication request 

6 information; and 

7 issuing authentication approval information in the authentication message only when the 

8 authentication response matches the authentication request information. 

1 13. (Currently Amended) The A method as recited in Claim 7, further comprising the steps 

2 of: 

3 receiving a password that is associated with the first gateway; 

4 generating an authentication response based on the password and challenge information 

5 contained in the authentication request information; 

6 determining whether the authentication response matches the authentication request 

7 information; 

8 issuing authentication approval information in the authentication message to the second 

9 gatekeeper only when the authentication response matches the authentication 

10 request information; and 

1 1 issuing authentication rejection information in the authentication message to the second 

12 gatekeeper when the authentication response does not match the authentication 

1 3 request information. 

1 1 4. (Previously Presented) A method as recited in Claim 7, further comprising the steps of: 

2 receiving a password that is associated with the first gateway; 
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3 generating a Challenge Handshake Authentication Protocol (CHAP) response based on 

4 the password and implied CHAP challenge information contained in the 

5 authentication request information; 

6 determining whether the authentication response matches the authentication request 

7 information based on CHAP; and 

8 issuing authentication approval information in the authentication message only when the 

9 authentication response matches the authentication request information based on 
10 CHAP. 

1 15. (Previously Presented) A method as recited in Claim 12, wherein the step of establishing 

2 a call between the second gateway and the first gateway comprises the step of establishing 

3 a call between the second gateway and the first gateway only when authentication 

4 approval information is received in the authentication message. 

1 16. (Currently Amended) A method of securely establishing a call in a voice over Internet 

2 Protocol call connection system that includes a first gateway at a call origination point, a 

3 first gatekeeper, a second gatekeeper, a second gateway at a call termination point, and an 

4 authentication server that is separate from but communicatively coupled to the first 

5 gatekeeper and the second gatekeeper, the method comprising the computer-implemented 

6 steps of: 

7 receiving user identification information from the first gateway that comprises a user 

8 identifier and a personal identification number that are uniquely associated with a 

9 calling party who originates a call using the first gateway; 

10 receiving from the authentication server a first authentication message indicating whether 

1 1 the user identification information is authenticated based on first challenge 

12 response information generated by the authentication server : 

1 3 receiving non-encrypted authentication request information that includes challenge 

14 information from the first gateway; 
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15 receiving from the authentication server a second authentication message indicating 

1 6 whether the first gateway is authenticated based on the non-encrypted 

1 7 authentication request information and second challenge response information 

18 generated by the authentication server ; and 

19 establishing a call between the second gateway and the first gateway for the calling party 

20 only when the first authentication message indicates that the user identification 

21 information is authenticated and the second authentication message indicates that 

22 the first gateway is authenticated at the authentication server. 

1 17. (Original) A method as recited in Claim 16, wherein the step of receiving non-encrypted 

2 authentication request information comprises the steps of receiving an access token 

3 comprising a general identifier value, a time stamp value, a challenge value, and a 

4 random value. 

1 18. (Currently Amended) A method as recited in Claim 16, wherein the step of receiving 

2 non-encrypted authentication request information comprises the steps of receiving aa 

3 H.235 Cl e arTok e n data comprising a general identifier value, a time stamp value, a 

4 challenge value, and a random value. 

1 19. (Currently Amended) A method as recited in Claim 16, wherein the step of receiving 

2 non-encrypted authentication request information further comprises the steps of: 

3 determining whether the authentication request information was created within an 

4 acc e ptabl e a specified interval of time with respect to a current time; and 

5 issuing a request for authentication to the authentication server only when the 

6 authentication request information was created the acc e ptabl e specified interval of 

7 time with respect to the current time. 

1 20. (Previously Presented) A method as recited in Claim 16, further comprising the steps of: 

2 receiving a password that is associated with the first gateway; 

3 generating an authentication response based on the password and challenge information 

4 contained in the authentication request information; 
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5 determining whether the authentication response matches the authentication request 

6 information; and 

7 issuing authentication approval information in the authentication message only when the 

8 authentication response matches the authentication request information. 

1 21 . (Previously Presented) A method as recited in Claim 16, further comprising the steps of: 

2 receiving a password that is associated with the first gateway; 

3 generating a Challenge Handshake Authentication Protocol (CHAP) response based on 

4 the password and implied CHAP challenge information contained in the 

5 authentication request information; 

6 determining whether the authentication response matches the authentication request 

7 information based on CHAP; and 

8 issuing authentication approval information in the authentication message only when the 

9 authentication response matches the authentication request information based on 
10 CHAP. 

1 22. (Currently Amended) A method as recited in Claim 16, wherein the step of receiving 

2 non-encrypted user identification information further comprises the steps of: 

3 determining whether the user identification information was created within an acceptabl e 

4 a specified interval of time with respect to a current time; and 

5 issuing a request for authentication to the authentication server only when the user 

6 identification information was created within the acc e ptable specified interval of 

7 time with respect to the current time. 

1 23. (Previously Presented) A method as recited in Claim 16, further comprising the steps of: 

2 retrieving a personal identification value that is associated with the user account number 

3 in the user identification information; 

4 determining whether the personal identification value matches the personal identification 

5 number that is in the user identification information; and 
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6 issuing authentication approval information in the authentication message only when the 

7 personal identification value matches the personal identification number that is in 

8 the user identification information. 

1 24. (Currently Amended) A computer-readable medium carrying one or more sequences of 

2 instructions for securely establishing a call between a first node of a voice over Internet 

3 Protocol call connection and a second node thereof, which instructions, when executed by 

4 one or more processors, cause the one or more processors to carry out the steps of: 

5 receiving non-encrypted authentication request information that includes challenge 

6 information from the first node; 

7 receiving, from an authentication server that is separate from but communicatively 

8 coupled to the second node, an authentication message indicating whether the first 

9 node is authenticated based on the non-encrypted authentication request 

10 information and challenge response information generated by the authentication 

1 1 server ; and 

12 establishing a call between the second node and the first node only when the 

1 3 authentication message indicates that the first node is authenticated at the 

14 authentication server. 

1 25. (Original) A computer-readable medium as recited in Claim 24, wherein the step of 

2 receiving non-encrypted authentication request information comprises the steps of 

3 receiving an access token comprising a general identifier value, a time stamp value, a 

4 challenge value, and a random value. 

1 26. (Currently Amended) A computer-readable medium as recited in Claim 24, wherein the 

2 step of receiving non-encrypted authentication request information comprises the steps of 

3 receiving an H.235 Cl e arTok e n data comprising a general identifier value, a time stamp 

4 value, a challenge value, and a random value. 

9 

Docket No. 50325-0102 (1850) 



Application of Tyrone Floryanzia, Ser. No. 09/676,265, Filed September 28, 2000 
Submission to Accompany RCE 



1 27. (Currently Amended) A computer-readable medium as recited in Claim 24, wherein the 

2 step of receiving non-encrypted authentication request information further comprises the 

3 steps of: 

4 determining whether the authentication request information was created within an 

5 acc e ptabl e a specified interval of time with respect to a current time; and 

6 issuing a request for authentication to the authentication server only when the 

7 authentication request information was created within the acc e ptabl e specified 

8 interval of time with respect to the current time. 

1 28. (Previously Presented) A computer-readable medium as recited in Claim 24, further 

2 comprising the steps of: 

3 receiving a password that is associated with the first node; 

4 generating an authentication response based on the password and challenge information 

5 contained in the authentication request information; 

6 determining whether the authentication response matches the authentication request 

7 information; 

8 issuing authentication approval information in the authentication message only when the 

9 authentication response matches the authentication request information. 

1 29. (Previously Presented) A computer-readable medium as recited in Claim 24, further 

2 comprising the steps of: 

3 receiving a password that is associated with the first node; 

4 generating a Challenge Handshake Authentication Protocol (CHAP) response based on 

5 the password and implied CHAP challenge information contained in the 

6 authentication request information; 

7 determining whether the authentication response matches the authentication request 

8 information based on CHAP; and 

9 issuing authentication approval information in the authentication message only when the 

10 authentication response matches the authentication request information based on 

11 CHAP. 
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1 30. (Currently Amended) An apparatus for securely establishing a call between a first node 

2 of a voice over Internet Protocol call connection and a second node thereof, which 

3 instructions, comprising: 

4 means for receiving non-encrypted authentication request information that includes 

5 challenge information from the first node; 

6 means for receiving, from an authentication server that is separate from but 

7 communicatively coupled to the second node, an authentication message 

8 indicating whether the first node is authenticated based on the non-encrypted 

9 authentication request information and challenge response information generated 

10 by the authentication server ; and 

1 1 means for establishing a call between the second node and the first node only when the 

12 authentication message indicates that the first node is authenticated at the 

1 3 authentication server. 

1 31. (Currently Amended) An apparatus for securely establishing a call between a first node 

2 of a voice over Internet Protocol call connection and a second node thereof, comprising: 

3 a network interface that is coupled to the data network for receiving one or more packet 

4 flows therefrom; 

5 a processor; 

6 one or more stored sequences of instructions which, when executed by the processor, 

7 cause the processor to carry out the steps of: 

8 receiving non-encrypted authentication request information that includes 

9 challenge information from the first node; 

10 receiving, from an authentication server that is separate from but communicatively 

1 1 coupled to the second node, an authentication message indicating whether 

1 2 the first node is authenticated based on the non-encrypted authentication 

1 3 request information and challenge response information generated by the 

14 authentication server : and 
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1 5 establishing a call between the second node and the first node only when the 

1 6 authentication message indicates that the first node is authenticated at the 

1 7 authentication server. 

1 32. (Previously Presented) An apparatus as recited in Claim 30, wherein the means for 

2 receiving non-encrypted authentication request information comprises means for 

3 receiving an access token comprising a general identifier value, a time stamp value, a 

4 challenge value, and a random value. 

1 33. (Currently Amended) An apparatus as recited in Claim 30, wherein the means for 

2 receiving non-encrypted authentication request information comprises means for 

3 receiving an H.235 Cl e arTok e n data comprising a general identifier value, a time stamp 

4 value, a challenge value, and a random value. 

1 34. (Currently Amended) An apparatus as recited in Claim 30, wherein the means for 

2 receiving non-encrypted authentication request information further comprises: 

3 means for determining whether the authentication request information was created within 

4 an acc e ptabl e a specified interval of time with respect to a current time; and 

5 means for issuing a request for authentication to the authentication server only when the 

6 authentication request information was created within the acc e ptabl e specified 

7 interval of time with respect to the current time. 

1 35. (Previously Presented) An apparatus as recited in Claim 30, further comprising: 

2 means for receiving a password that is associated with the first node; 

3 means for generating an authentication response based on the password and challenge 

4 information contained in the authentication request information; 

5 means for determining whether the authentication response matches the authentication 

6 request information; and 

7 means for issuing authentication approval information in the authentication message only 

8 when the authentication response matches the authentication request information. 
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1 36. (Previously Presented) An apparatus as recited in Claim 30, further comprising: 

2 means for receiving a password that is associated with the first node; 

3 means for generating a Challenge Handshake Authentication Protocol (CHAP) response 

4 based on the password and implied CHAP challenge information contained in the 

5 authentication request information; 

6 means for determining whether the authentication response matches the authentication 

7 request information based on CHAP; and 

8 means for issuing authentication approval information in the authentication message only 

9 when the authentication response matches the authentication request information 
10 based on CHAP. 

1 37. (Previously Presented) An apparatus as recited in Claim 3 1 , wherein the step of receiving 

2 non-encrypted authentication request information comprises the steps of receiving an 

3 access token comprising a general identifier value, a time stamp value, a challenge value, 

4 and a random value. 

1 38. (Currently Amended) An apparatus as recited in Claim 3 1 , wherein the step of receiving 

2 non-encrypted authentication request information comprises the steps of receiving an 

3 H.235 Cl e arToken data comprising a general identifier value, a time stamp value, a 

4 challenge value, and a random value. 

1 39. (Currently Amended) An apparatus as recited in Claim 31, wherein the step of receiving 

2 non-encrypted authentication request information further comprises the steps of: 

3 determining whether the authentication request information was created within an 

4 acc e ptabl e a specified interval of time with respect to a current time; and 

5 issuing a request for authentication to the authentication server only when the 

6 authentication request information was created within the acc e ptabl e specified 

7 interval of time with respect to the current time. 
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1 40. (Previously Presented) An apparatus as recited in Claim 3 1 , further comprising one or 

2 more sequences of instructions which, when executed by the processor, cause the 

3 processor to carry out the steps of: 

4 receiving a password that is associated with the first node; 

5 generating an authentication response based on the password and challenge information 

6 contained in the authentication request information; 

7 determining whether the authentication response matches the authentication request 

8 information; and 

9 issuing authentication approval information in the authentication message only when the 
10 authentication response matches the authentication request information. 

1 41. (Previously Presented) An apparatus as recited in Claim 3 1 , further comprising one or 

2 more sequences of instructions which, when executed by the processor, cause the 

3 processor to carry out the steps of: 

4 receiving a password that is associated with the first node; 

5 generating a Challenge Handshake Authentication Protocol (CHAP) response based on 

6 the password and implied CHAP challenge information contained in the 

7 authentication request information; 

8 determining whether the authentication response matches the authentication request 

9 information based on CHAP; and 

10 issuing authentication approval information in the authentication message only when the 

1 1 authentication response matches the authentication request information based on 

12 CHAP. 
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